Ruby on rails 如何使用回形针从s3访问同一Ruby on Rails应用程序中的私有和公共图像_Ruby On Rails_Paperclip_Aws Sdk Ruby

Ruby on rails 如何使用回形针从s3访问同一Ruby on Rails应用程序中的私有和公共图像

ruby-on-rails

Ruby on rails 如何使用回形针从s3访问同一Ruby on Rails应用程序中的私有和公共图像,ruby-on-rails,paperclip,aws-sdk-ruby,Ruby On Rails,Paperclip,Aws Sdk Ruby,应用程序我正在编写一个应用程序，需要从用户那里获取图片并将其保存在AWS S3 bucket中 app/models/picture.rb class Picture < ActiveRecord::Base include Paperclip::Glue belongs_to :user scope :active_objects, -> { where(is_deleted: false)} has_attached_file :image, :s

应用程序

我正在编写一个应用程序，需要从用户那里获取图片并将其保存在AWS S3 bucket中

app/models/picture.rb

class Picture < ActiveRecord::Base

  include Paperclip::Glue

  belongs_to :user

  scope :active_objects, -> { where(is_deleted: false)}

  has_attached_file :image,

  :styles => {:medium => "800>", :small => "480>", :thumb => "100>"},
  :convert_options => {:medium =>'-quality 90', :small =>'-quality 80', :thumb => '-quality 50' },
  :storage => :s3,
  :url => ":s3_domain_url",
  :path => 'pictures/:id/image/:style/:basename.:extension',
  # :s3_permissions => :private,
  :s3_region => 's3-ap-southeast-1.amazonaws.com',
  :s3_endpoint => 's3-ap-southeast-1.amazonaws.com',
  :s3_credentials => Proc.new { |a| a.instance.s3_credentials }

  def s3_credentials
    {:bucket => App.secrets.bucket_name, :access_key_id => App.secrets.aws_access_key_id, 
      :secret_access_key => App.secrets.aws_secret_access_key}
  end

  def url(style_name = :original, time = 30.minutes.to_i)
    image.s3_permissions == :private ? (image.expiring_url(time, style_name)) : (image.url(style_name))
  end

end

响应中的url会在浏览器选项卡中打开一个图像，但之前上传的图像（Picture.first）仍然无法访问。当我尝试打开url时，它会给出以下信息

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>6423906A78A3FDFF</RequestId>
<HostId>
fowfNEi6+mM265iGig+jhT1/ih2P7yhPzNegHiS9Q6NrP4mnGNKkXFDefLva85tjAQ0uNbenYew=
</HostId>
</Error>

此外，他们的s3_权限将作为公共_读取

>> Picture.first.image.s3_permissions
A, [2018-05-01T01:18:05.171381 #94266]   ANY -- : 2018-05-01 01:18:05 +0530 severity=DEBUG, Picture Load (0.7ms)  SELECT  "pictures".* FROM "pictures" ORDER BY "pictures"."id" ASC LIMIT $1  [["LIMIT", 1]]
=> :public_read

您必须在S3端配置此访问

把这个放在你的bucket策略中：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your_bucket_name/*"
        }
    ]
}

嗨，谢谢你的回答。你能解释一下这个代码的作用吗？另外，在我的bucket策略中加入此选项后，我的私有映像是否会将其s3_权限显示为：private？

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your_bucket_name/*"
        }
    ]
}